$OpenBSD: patch-bin_dig_dig_c,v 1.2 2017/05/03 20:20:42 sthen Exp $
--- bin/dig/dig.c.orig	Fri Apr 14 04:54:11 2017
+++ bin/dig/dig.c	Thu Apr 20 09:35:26 2017
@@ -2090,6 +2090,11 @@ main(int argc, char **argv) {
 	ISC_LIST_INIT(server_list);
 	ISC_LIST_INIT(search_list);
 
+	if (pledge("stdio rpath inet unix dns", NULL) == -1) {
+		perror("pledge");
+		exit(1);
+	}
+
 	debug("main()");
 	preparse_args(argc, argv);
 	progname = argv[0];
@@ -2097,6 +2102,13 @@ main(int argc, char **argv) {
 	check_result(result, "isc_app_start");
 	setup_libs();
 	parse_args(ISC_FALSE, ISC_FALSE, argc, argv);
+
+	/* inet for network connections, dns for resolv.conf */
+	if (pledge("stdio inet dns", NULL) == -1) {
+		perror("pledge");
+		exit(1);
+	}
+
 	setup_system();
 	if (domainopt[0] != '\0') {
 		set_search_domain(domainopt);
